Conjur v4.9.1.3 is a patch release. Details of changes are listed below.

Bug fix

/remote_health no longer assumes that the remote server is
listening on port 443. Instead, it uses the same port the
client used when it issued its request. This fixes an issue
displaying the cluster UI when the master listens on a port
other than 443.

Dashboard counts for Users, Groups, Layers, and Hosts have been fixed
to reflect the correct number of resources in Conjur

Bug fix

Conjur v4.9.0 is a major release that includes several new features,
as well as performance and usability enhancements.

Major Changes

Full Puppet Integration

For those organizations utilizing Puppet, this release brings tight integration between Conjur and Puppet. A new Puppet module (available on Puppet Forge), can be used to establish Conjur managed host identity and securely fetch secrets from Conjur in a secure and streamlined manner.

Additionally, Puppet-managed resources are now visible within the Conjur UI.

AWS Key Rotation via proxy

The AWS key rotators now support HTTP proxy connections.

Other Changes

Fixed an issue where Conjur fails to restore from backup when custom certs were used.

Fixed an issue where Evoke does not correctly restart services after certificates are updated.

Fixed an issue where the Cluster Status UI does not display correct details after master is restored from a backup.

Fixed an issue where SSH keys fail to import after 3rd party certs are imported.

Fixed an issue where Conjur UI becomes unresponsive with large numbers of secrets hosts, users, and groups.

Fixed an issue with empty boxes appear in the Role Graph for Host Factories with internal roles.

Conjur API can now read auth tokens from files.

Fixed an issue where Cluster status UI fails to load when the master is unhealthy.

Changes

Conjur v4.8.0 is a major release that includes several new features,
as well as performance and usability enhancements.

Major Changes

Integrated Conjur UI

Until now a separate container was required to deploy the Conjur UI.
We are pleased to announce that the UI is now
integrated into the Conjur appliance image.
This means that you can now open the HTTPS endpoint of any node in your Conjur cluster to view the Conjur UI.
Support for auto-updating the UI on a specified interval is also included in this release.

The Conjur UI also now features a Cluster Dashboard page that shows information about the nodes
in a Conjur cluster: their role, health, replication status, free disk space and version.

Finally, the activity charts on the Conjur UI homepage have also been improved.
At a glance you can now monitor the activity taking place in your Conjur environment.

Improved LDAP Sync Workflow

LDAP Sync now generates a Conjur Policy that can be loaded with the Conjur CLI.
LDAP Sync is still configured in the Conjur UI. This workflow dramatically increases the speed
and reliability of syncing users and groups from very large LDAP/AD environments. Generated
policies can be viewed using the Conjur CLI’s conjur ldap-sync policy show command.
This new command replaces conjur ldap-sync now.

Improved High Availability

Included in this release are a number of changes that make it easier to launch and operate
highly-available Conjur clusters. As mentioned above, the new Cluster Dashboard page in the
Conjur UI allows you to view the status of the nodes in your cluster at a glance.

A new CloudFormation template is available to make it easier to run Conjur on AWS.

HA standbys can now be configured to replicate synchronously.

Support for bringing your own server certificates and private keys has been improved.

HA cluster setup no longer requires a load balancer.
A load balancer is still recommended in front of the cluster for use by clients,
but the cluster itself does not route any traffic through it, nor rely on it for failover orchestration.

Cluster nodes connect to each other by IP address. Replication can be stopped, started, and rebased on any node using evoke commands.

Deprecated CLI commands and API routes

We first introduced Conjur Policy earlier this year,
in February’s v4.6.0 release.
Since then, feedback from customers on this feature has been very positive.
Declarative policy files are easier to reason about and enable continuous delivery of
Conjur security policy rules. To that end, we are deprecating CLI commands and API methods that
duplicate operations that are better performed through policy, including creating objects and
updating properties and annotations. These commands and methods will be removed entirely in Conjur 5.0.

Deprecated CLI commands and API routes are marked as deprecated in the CLI and API releases
accompanying Conjur v4.8.0.

Other Changes

The evoke configuration UI has been removed from the appliance image.
Use the evoke server tool to configure new Conjur nodes.

You can now configure a list of trusted proxy servers. You can use this technique to ensure
that audit events contain the correct remote IP address, rather than 127.0.0.1/localhost.

Rotators now handle expiration of the variables associated with a rotated variable.

The official Conjur AMI is now based on CoreOS.
Details are available at here.